Mac Security: New Java Driveby Appears, Protect Yourself

Better safe than sorry. There is a powerful new Java exploit available that can be used to attack and take over Windows, Linux and Mac computers. Yet, there are simple things you can do to protect yourself. Step inside for full details on this latest Mac security threat and how not to be a victim.

“So to be clear I have tested the following operating systems: Windows7, Ubuntu 12.04, OSX 10.8.1,” writes Erata Security’s David Maynor. “I have tested the following browsers: Firefox 14.0.1 (Windows, Linux,OSX), IE 9, Safari 6. They same exploit worked on all of them.”

That last sentence certainly got my attention — one exploit to rule them all, wow. Further, this is a drive by exploit that requires no user interaction whatsoever.

“What is more worrisome is the potential for this to be used by other malware developers in the near future,” writes Intego. “Java applets have been part of the installation process for almost every malware attack on OS X this year.”

No Java, no problem.

Gird your Mac security loins

This new exploit only affects JRE 1.7, which requires OS X 10.7.3 or higher, and that means OS X 10.6 Snow Leopard and earlier users aren’t in danger. For OS X Lion and Mountain Lion users, Java isn’t part of Apple’s default install for either version of the OS, so you will need to determine if Java is installed and, if yes, what version you have:

OS X will tell if Java is install and which version you have. If it’s JRE 1.6, no worries.

If you have JRE 1.7 installed, then proceed to Safari > Preferences > Security (image above) to check if it is active. Chance are that it has been inactive for some time and OS X/Safari will have automatically disabled it.